Researchers from the University of New Haven have uncovered a mixed bag of security issues involving the Android apps of a number of popular social media sites including Instagram, Vine, Nimbuzz, OoVoo and Voxer, just to name a few.
University of New Haven Cyber Forensics Research and Education Group director Ibrahim Baggili said security in these apps is an afterthought. Users may assume that the pictures, messages and location maps they send to friends are private but that’s not the case.
Specifically, Baggili and his team found that Instagram, OoVoo, Grindr, HeyWire and TextPlus were all guilty of storing unencrypted image files on a publicly available web server. This is similar to issues the group found with text messaging app Viber earlier this year.
Elsewhere, the researchers discovered the following:
- Tango and MessageMe left unencrypted videos on a server while TextMe and Nimbuzz stored passwords in plaintext on a device.
- Vine, TextPlus, Nimbuzz, TextMe, MeetMe, SayHi, Kik, OoVoo, HeyWire, Hike, MyChat, WeChat, GroupMe, Whisper, Line, Voxer and Words with Friends all stored unencrypted chat logs on a device.
- Instagram, OKCupid, OoVoo, Tango, Kik, Nimbuzz, MeetMe, MessageMe, TextMe, Grindr, HeyWire, Hike and TextPlus all sent text, images, location maps, music and video unencrypted over wireless networks.
All said and done, the researchers estimate that 968 million people use the apps in total. The team has yet to analyze apps running iOS.
